diff options
-rw-r--r-- | perl-install/any.pm | 60 | ||||
-rw-r--r-- | perl-install/install2.pm | 5 | ||||
-rw-r--r-- | perl-install/install_steps.pm | 5 | ||||
-rw-r--r-- | perl-install/install_steps_interactive.pm | 3 | ||||
-rw-r--r-- | perl-install/security/level.pm | 40 | ||||
-rw-r--r-- | perl-install/security/libsafe.pm | 18 |
6 files changed, 48 insertions, 83 deletions
diff --git a/perl-install/any.pm b/perl-install/any.pm index 578d7c465..62de800ed 100644 --- a/perl-install/any.pm +++ b/perl-install/any.pm @@ -845,66 +845,6 @@ sub ddcxinfos { @l; } -sub config_libsafe { - my ($prefix, $libsafe) = @_; - my %t = getVarsFromSh("$prefix/etc/sysconfig/system"); - if (@_ > 1) { - $t{LIBSAFE} = bool2yesno($libsafe); - setVarsInSh("$prefix/etc/sysconfig/system", \%t); - } - text2bool($t{LIBSAFE}); -} - -sub config_security_user { - my ($prefix, $sec_user) = @_; - my %t = getVarsFromSh("$prefix/etc/security/msec/security.conf"); - if (@_ > 1) { - $t{MAIL_USER} = $sec_user; - setVarsInSh("$prefix/etc/security/msec/security.conf", \%t); - } - $t{MAIL_USER}; -} - -sub choose_security_level { - my ($in, $security, $libsafe, $email) = @_; - - my %l = ( - 0 => N("Welcome To Crackers"), - 1 => N("Poor"), - 2 => N("Standard"), - 3 => N("High"), - 4 => N("Higher"), - 5 => N("Paranoid"), - ); - my %help = ( - 0 => N("This level is to be used with care. It makes your system more easy to use, -but very sensitive: it must not be used for a machine connected to others -or to the Internet. There is no password access."), - 1 => N("Password are now enabled, but use as a networked computer is still not recommended."), - 2 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."), - 3 => N("There are already some restrictions, and more automatic checks are run every night."), - 4 => N("With this security level, the use of this system as a server becomes possible. -The security is now high enough to use the system as a server which can accept -connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."), - 5 => N("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."), - ); - delete @l{0,1}; - delete $l{5} if !$::expert; - - $in->ask_from( - N("DrakSec Basic Options"), - N("Please choose the desired security level") . "\n\n" . - join('', map { "$l{$_}: " . formatAlaTeX($help{$_}) . "\n\n" } ikeys %l), - [ - { label => N("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_[0]} } }, - if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/, - { label => N("Use libsafe for servers"), val => $libsafe, type => 'bool', text => - N("A library which defends against buffer overflow and format string attacks.") }), - { label => N("Security Administrator (login or email)"), val => $email, }, - ], - ); - } - sub running_window_manager { my @window_managers = qw(kwin gnome-session icewm wmaker afterstep fvwm fvwm2 fvwm95 mwm twm enlightenment xfce blackbox sawfish olvwm); diff --git a/perl-install/install2.pm b/perl-install/install2.pm index f737dc00a..9d6eb07c1 100644 --- a/perl-install/install2.pm +++ b/perl-install/install2.pm @@ -288,8 +288,9 @@ sub setupBootloader { local $ENV{DRAKX_PASSWORD} = $o->{bootloader}{password}; local $ENV{DURING_INSTALL} = 1; run_program::rooted($o->{prefix}, "/usr/sbin/msec", "-o", "run_commands=0", "-o", "log=stderr", $o->{security}); - any::config_libsafe($o->{prefix}, $o->{libsafe}); - any::config_security_user($o->{prefix}, $o->{security_user}); + require security::various; + security::various::config_libsafe($o->{prefix}, $o->{libsafe}); + security::various::config_security_user($o->{prefix}, $o->{security_user}); } #------------------------------------------------------------------------------ sub configureX { diff --git a/perl-install/install_steps.pm b/perl-install/install_steps.pm index 592d119d1..34503a80e 100644 --- a/perl-install/install_steps.pm +++ b/perl-install/install_steps.pm @@ -931,9 +931,10 @@ sub miscellaneousBefore { my %s = getVarsFromSh("$o->{prefix}/etc/sysconfig/system"); $o->{miscellaneous}{HDPARM} = $s{HDPARM} if exists $s{HDPARM}; require security::level; + require security::various; $o->{security} ||= security::level::get() || ($o->{meta_class} =~ /server|firewall/ ? 3 : 2); - $o->{security_user} ||= any::config_security_user($o->{prefix}); - $o->{libsafe} ||= any::config_libsafe($o->{prefix}); + $o->{security_user} ||= security::various::config_security_user($o->{prefix}); + $o->{libsafe} ||= security::various::config_libsafe($o->{prefix}); log::l("security $o->{security}"); diff --git a/perl-install/install_steps_interactive.pm b/perl-install/install_steps_interactive.pm index 762887ae2..d57fa421a 100644 --- a/perl-install/install_steps_interactive.pm +++ b/perl-install/install_steps_interactive.pm @@ -1100,7 +1100,8 @@ sub miscellaneous { my ($o, $_clicked) = @_; if ($::expert) { - any::choose_security_level($o, \$o->{security}, \$o->{libsafe}, \$o->{security_user}) or return; + require security::level; + security::level::level_choose($o, \$o->{security}, \$o->{libsafe}, \$o->{security_user}) or return; } install_steps::miscellaneous($o); } diff --git a/perl-install/security/level.pm b/perl-install/security/level.pm index 7ea08a52c..e6ac8876c 100644 --- a/perl-install/security/level.pm +++ b/perl-install/security/level.pm @@ -44,4 +44,44 @@ sub set { run_program::rooted($::prefix, "/usr/sbin/msec", $run_level ? $run_level : 3); } +sub level_choose { + my ($in, $security, $libsafe, $email) = @_; + + my %l = ( + 0 => N("Welcome To Crackers"), + 1 => N("Poor"), + 2 => N("Standard"), + 3 => N("High"), + 4 => N("Higher"), + 5 => N("Paranoid"), + ); + my %help = ( + 0 => N("This level is to be used with care. It makes your system more easy to use, +but very sensitive: it must not be used for a machine connected to others +or to the Internet. There is no password access."), + 1 => N("Password are now enabled, but use as a networked computer is still not recommended."), + 2 => N("This is the standard security recommended for a computer that will be used to connect to the Internet as a client."), + 3 => N("There are already some restrictions, and more automatic checks are run every night."), + 4 => N("With this security level, the use of this system as a server becomes possible. +The security is now high enough to use the system as a server which can accept +connections from many clients. Note: if your machine is only a client on the Internet, you should choose a lower level."), + 5 => N("This is similar to the previous level, but the system is entirely closed and security features are at their maximum."), + ); + delete @l{0,1}; + delete $l{5} if !$::expert; + + $in->ask_from( + N("DrakSec Basic Options"), + N("Please choose the desired security level") . "\n\n" . + join('', map { "$l{$_}: " . formatAlaTeX($help{$_}) . "\n\n" } ikeys %l), + [ + { label => N("Security level"), val => $security, list => [ sort keys %l ], format => sub { $l{$_[0]} } }, + if_($in->do_pkgs->is_installed('libsafe') && arch() =~ /^i.86/, + { label => N("Use libsafe for servers"), val => $libsafe, type => 'bool', text => + N("A library which defends against buffer overflow and format string attacks.") }), + { label => N("Security Administrator (login or email)"), val => $email, }, + ], + ); +} + 1; diff --git a/perl-install/security/libsafe.pm b/perl-install/security/libsafe.pm deleted file mode 100644 index 1001ce4db..000000000 --- a/perl-install/security/libsafe.pm +++ /dev/null @@ -1,18 +0,0 @@ -package security::libsafe; - -use diagnostics; -use strict; - -use common; - -sub config_libsafe { - my ($prefix, $libsafe) = @_; - my %t = getVarsFromSh("$prefix/etc/sysconfig/system"); - if (@_ > 1) { - $t{LIBSAFE} = bool2yesno($libsafe); - setVarsInSh("$prefix/etc/sysconfig/system", \%t); - } - text2bool($t{LIBSAFE}); -} - -1; |